Here is the config... If you guys find anything that is unrelevant in my config, please tell me because this is a home environment. Many things here I copied from other configs (I don't know what the whole QUERY context means). Thank you ######################################## # ARQUIVOS DE CONFIGURACAO DO SQUID # ######################################## http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_dir ufs /var/cache/squid 10 16 256 cache_access_log /var/log/squid/access.log ftp_user Squid@xxxxxxxxxxxxxxx cache_mgr palula@xxxxxxxxxx ######################################## # CONFIGURACAO DE ACCESS LISTS # ######################################## acl all src 0/0 acl minha_rede src 192.168.100.0/24 acl bad_strings url_regex "/etc/squid/bad_strings.acl" acl bad_sites dstdomain "/etc/squid/bad_sites.acl" acl bad_files urlpath_regex "/etc/squid/bad_files.acl" acl good_sites dstdomain "/etc/squid/permitted.acl" acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl ssl_ports port 443 563 acl safe_ports port 80 # http acl safe_ports port 21 # ftp acl safe_ports port 443 563 # https, snews acl safe_ports port 70 # gopher acl safe_ports port 210 # wais acl safe_ports port 1025-65535 # unregistered ports acl safe_ports port 280 # http-mgmt acl safe_ports port 488 # gss-http acl safe_ports port 591 # filemaker acl safe_ports port 777 # multiling http ######################################## # SEGURANCA DE HEADERS # ######################################## header_access Via deny all header_access X-Forwarded-For deny all header_access Proxy-Connection deny all header_access Accept-Encoding deny all header_access User-Agent deny all header_replace Via Stealthed header_replace X-Forwarded-For Unknown header_replace User-Agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011122 ######################################## # PERMISSOES # ######################################## acl CONNECT method CONNECT http_access deny bad_sites http_access deny bad_strings http_access deny bad_files http_access deny CONNECT !ssl_ports http_access allow good_sites http_access allow safe_ports http_access allow manager localhost http_access deny manager http_access allow minha_rede http_access deny all visible_hostname netradio.com.br coredump_dir /var/cache/squid httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on ----- Original Message ----- From: "Christoph Haas" <email@xxxxxxxxxxxxxxxxx> To: <squid-users@xxxxxxxxxxxxxxx> Sent: Friday, December 09, 2005 11:44 AM Subject: Re: Squid doesn't block access to port 8080 On Friday 09 December 2005 12:13, Palula Brasil wrote: > I've been receiving some links to executables files through my email and > the link comes like this: www.somesite.com.country/urlpath/file.exe:8080 > > The problem is that I putted the ".somesite.com.country" on the > bad_sites acl and it still is permitting access thos files. > > Can anybody help me out on how to overcome this problem. Not without looking at your config. Christoph -- ~ ~ ".signature" [Modified] 2 lines --100%-- 2,41 All
